Once again there are reports of a Java zero-day vulnerability being actively exploited in the wild. All versions of Java are impacted, including the most recent release, JRE 7, Update 10.

With any version of Java installed on your computer, visiting a malicious link can result in a serious malware infection. Significantly, the exploit is not operating system specific and, although currently targeting Windows systems, can also run the same code on Mac OS X or Linux.

I enable then update. I disable, shortly after the update is discovered as ineffective. Over and over and over.
Fortunately, I only have it installed on one computer because one website I visit needs it. <sigh>

I forgot to say thanks, Corrine, for letting us know it is disable time again.

Yes, I saw that quote, Corrine, but what I'm saying is that the ability to run a script outside of the Java sandbox within a Linux system is not going to be able to do much. It will not be able to obtain administrator rights to the OS. The most it could do is maybe... maybe corrupt some user's home directory; and even that is doubtful.

But anyway... I'll definitely be checking on this in my Win XP and 7 installations later this weekend. Thanks, as always, for the prompt alerts regarding all these baddies out there.

Thanks again for keeping us abreast of the sometimes hostile environment in which we compute!
I'm about to walk into my boss' office and discuss Java in our environment, and have already sent him a link to your blog's post on Java 7's hole.

Mozilla blacklisted the Java plug-in by adding it to the "Click-to-Play" function. This means that if you receive a prompt at a website you are visiting that Java is needed, if you have any doubts, get out of there!

Yes, I think it's great that Mozilla did that in Firefox. It is very similar to what Google has done in Chrome. The difference from what they were both doing before is that, now, Mozilla has blacklisted the current version of Java as well due to the security risk. Definitely a gutsy move and I applaud them for that.